Jorge Martins

**Name of the Vulnerable Software and Affected Versions** HTMLDOC versions prior to 1.9.15 **Description** A heap buffer overflow issue exists in the `image set mask` function, allowing an attacker to write outside the buffer boundaries. **Recommendations** For versions prior to 1.9.15, update to version 1.9.15 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** htmldoc version 1.9.15 **Description** A vulnerability was found in htmldoc where the stack out-of-bounds read takes place in the `gif get code()` function and occurs when opening a malicious GIF file, which can result in a crash (segmentation fault). **Recommendations** For htmldoc version 1.9.15, consider avoiding the use of the `gif get code()` function until a patch is available. As a temporary workaround, restrict the opening of GIF files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.